How to modify the policy?
Hongwei Li
hongwei at wustl.edu
Thu Apr 14 14:47:46 UTC 2005
Hi,
I have a fc3 linux (kernel 2.6.10-1.770_FC3) with selinux enforced,
targeted policy 1.17.30-2.96. I try to use squirrelmail's plugin
change_passwd, but got denied. The system log shows:
Apr 14 09:42:59 pippo kernel: audit(1113489779.011:0): avc: denied {
search } for pid=13211 exe=/bin/bash name=src dev=hda6 ino=425174
scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:src_t
tclass=dir
Apr 14 09:42:59 pippo kernel: audit(1113489779.012:0): avc: denied {
setuid } for pid=13211 exe=/usr/bin/chpasswd capability=7
scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=capability
I can use that plugin's command in ssh console, but just not from the web.
Should I change the targeted policy to make it working? If yes, how to
modify the policy?
Thanks a lot!
Hongwei Li
More information about the selinux
mailing list